US11487892B2 - Financial data secure sharing method, device and system based on cloud server - Google Patents
- Publication number
- US11487892B2 (US17/729,996)
- Authority
- US
- United States
- Prior art keywords
- financial data
- sharing
- cloud server
- data
- data sharing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/12—Accounting
- G06Q40/125—Finance or payroll
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/06—Asset management; Financial planning or analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Definitions
- The present invention relates to a technical field of data processing, and more particularly to a financial data secure sharing method, a device and a system based on a cloud server.
- Financial data is a statement of accounting data that reflects the capital and profit status of an enterprise or budget unit for a certain period of time. For some unlisted enterprises or budget units that do not need to disclose the financial data, the financial data has a certain degree of confidentiality within a certain period of time, which should be prevented from leaking to the outside world. However, it is also necessary to ensure the sharing of these financial data among relevant personnel, and such sharing must be secure.
- An object of the present invention is to overcome the deficiencies of the prior art by providing a financial data secure sharing method, a device and a system based on a cloud server, in such a manner that financial data can be shared according to user identity authorities, thereby ensuring the security of the shared financial data.
- the present invention provides a financial data secure sharing method based on a cloud server, comprising steps of:
- logging-in with the terminal through the data access sharing interface provided by the cloud server to obtain the financial data sharing authority for the financial data sharing party comprises specific steps of:
- using the data access sharing gateway to authenticate the identity of the financial data sharing party, so as to log-in to the cloud server with the terminal comprises specific steps of:
- controlling the terminal to collect a face image of the financial data sharing party based on the data access sharing gateway to perform secondary identity matching authentication, and obtaining a second authenticated identity after the secondary identity matching authentication is passed;
- controlling the terminal to collect the face image of the financial data sharing party based on the data access sharing gateway to perform the secondary identity matching authentication, and obtaining the second authenticated identity after the secondary identity matching authentication is passed comprise specific steps of:
- filling-in and uploading the financial data according to the data sharing upload format provided by the cloud server after the financial data sharing party logs-in comprises specific steps of:
- selecting the encryption method for the unified-format financial data according to the financial data sharing authority or the authentication speed and the authentication scope of the blockchain comprises specific steps of:
- the optimal value between the authentication speed and the authentication range of the different blockchains is a nonlinear mapping process or a linear mapping process
- the encryption method is an alliance chain encryption method, a public chain encryption method, or a private chain encryption method.
- storing the encryption authentication result in the memory of the cloud server based on the preset storage structure comprises specific steps of:
- storing the binary information in the memory of the cloud server according to the ordered set storage structure to form the storage data chain comprises specific steps of:
- the present invention also provides a financial data secure sharing device based on a cloud server, comprising:
- a data uploading module for filling-in and uploading financial data according to a data sharing upload format provided by the cloud server after the financial data sharing party logs-in;
- a format unification module for performing a unified format conversion on the financial data by the cloud server after receiving the financial data, so as to generate unified-format financial data
- an encryption selection module for selecting an encryption method for the unified-format financial data according to the financial data sharing authority or an authentication speed and an authentication scope of a blockchain;
- an encryption authentication module for processing the unified-format financial data with encryption authentication based on the encryption method selected, and obtaining an encryption authentication result
- a data sharing module for storing the encryption authentication result in a memory of the cloud server based on a preset storage structure, and providing data sharing to a corresponding user through the data access sharing interface.
- the present invention also provides a financial data secure sharing system based on a cloud server, comprising: the cloud server and multiple user terminals, wherein the multiple user terminals perform data interactive connection based on a data access sharing gateway constructed by the cloud server; the system is configured to execute the above financial data secure sharing method.
- the financial data can be shared according to the user identity authority.
- Before the financial data is shared, the data is encrypted with a blockchain technology and stored based on an ordered set storage structure. The data is shared through the data access sharing interface to the corresponding users, thereby ensuring the security of the shared financial data.
- FIG. 1 is a flowchart of a financial data secure sharing method based on a cloud server according to an embodiment of the present invention
- FIG. 2 is a structural diagram of a financial data secure sharing device based on a cloud server according to an embodiment of the present invention.
- FIG. 3 is a structural diagram of a financial data secure sharing system based on a cloud server according to an embodiment of the present invention.
- FIG. 1 is a flowchart of a financial data secure sharing method based on a cloud server according to the embodiment 1 of the present invention.
- a financial data secure sharing method based on a cloud server comprising steps as follows.
- S11: logging-in with a terminal through a data access sharing interface provided by the cloud server to obtain a financial data sharing authority for a financial data sharing party.
- logging-in with the terminal through the data access sharing interface provided by the cloud server to obtain the financial data sharing authority for the financial data sharing party comprises specific steps of: constructing a data access sharing gateway by the cloud server based on the data access sharing interface, while generating a data sharing authority center in the cloud server; using the data access sharing gateway to authenticate an identity of the financial data sharing party, so as to log-in to the cloud server with the terminal; and sending an authenticated identity of the financial data sharing party to the data sharing authority center by the cloud server, and assigning a corresponding financial data sharing authority to the financial data sharing party in the data sharing authority center based on the authenticated identity.
- using the data access sharing gateway to authenticate the identity of the financial data sharing party, so as to log-in to the cloud server with the terminal comprises specific steps of: inputting an identity authentication account and a corresponding authentication password to the cloud server by the financial data sharing party through the data access sharing gateway on the terminal; performing identity matching authentication by the cloud server after receiving the identity authentication account and the corresponding authentication password, and obtaining a first authenticated identity after the identity matching authentication is passed; controlling the terminal to collect a face image of the financial data sharing party based on the data access sharing gateway to perform secondary identity matching authentication, and obtaining a second authenticated identity after the secondary identity matching authentication is passed; and if the first authenticated identity matches with the second authenticated identity, allowing the financial data sharing party to log-in to the cloud server.
- controlling the terminal to collect the face image of the financial data sharing party based on the data access sharing gateway to perform the secondary identity matching authentication, and obtaining the second authenticated identity after the secondary identity matching authentication is passed comprise specific steps of: controlling a camera device of the terminal by the cloud server to collect the face image of the financial data sharing party based on the data access sharing gateway with authorization given to the terminal by the corresponding user; performing key point feature extraction on the collected face image by the cloud server to obtain key point feature data; and performing the secondary identity matching authentication based on the key point feature data and user face feature data stored in the cloud server, and after the secondary identity matching authentication is passed, obtaining a stored identity of the corresponding user as the second authenticated identity.
- the financial data sharing party needs to log-in to the cloud server through the terminal and obtain the relevant financial data sharing authority.
- the cloud server provides the corresponding data access sharing interface, and constructs the data access sharing gateway according to the data access sharing interface, so as to establish a secure interval layer between the cloud server and the terminal through the data access sharing gateway, which ensures security of the cloud server when the terminal accesses the cloud server.
- the data sharing authority center is built in the cloud server, which is specially used to assign the financial data sharing authority to the user, in such a manner that the financial data sharing party can log-in to the cloud server by authenticating the identity through the data access sharing gateway on the terminal.
- After the financial data sharing party remotely logs-in to a remote server, the cloud server sends the authenticated identity of the financial data sharing party to the data sharing authorization center, and assigns the corresponding financial data sharing authority to the financial data sharing party in the data sharing authorization center according to the authenticated identity.
- Different financial data sharing authorities corresponding to different financial data sharing parties with different authenticated identities are stored in the data sharing authorization center.
- the authenticated identity is used to match with a corresponding authenticated identity in the data sharing authority center, so as to obtain the financial data sharing authority corresponding to the financial data sharing party.
- a dual authentication method is used for identity authentication, namely the traditional account and password authentication and the biometric authentication.
- the financial data sharing party inputs the identity authentication account number and the corresponding authentication password to the cloud server through the data access sharing interface on the terminal, and then the cloud server receives the identity authentication account number and the corresponding authentication password for identity matching authentication, so as to obtain the first authenticated identity after the authentication is passed.
- the terminal is controlled according to the data access sharing gateway to collect the face image of the financial data sharing party for the secondary identity matching authentication, wherein the second authenticated identity is obtained after the authentication is passed. If the first authenticated identity matches with the second authenticated identity, the financial data sharing party is allowed to log-in to the cloud server.
- the camera device of the terminal is controlled by the cloud server to collect the face image of the financial data sharing party based on the data access sharing gateway with the authorization given to the terminal by the corresponding user.
- the key point feature extraction is performed on the collected face image by the cloud server, wherein grayscale converting as well as high and low pass filtering are performed before locating the key points, and finally the key point feature extraction is performed according to the located key points to obtain the key point feature data.
- the secondary identity matching authentication is performed based on the key point feature data and the user face feature data stored in the cloud server. After the secondary identity matching authentication is passed, the stored identity of the corresponding user is used as the second authenticated identity. Through the secondary authentication, the identity security of the financial data sharing party logging-in to the cloud server is effectively guaranteed, which is beneficial to ensure the authenticity and validity of the shared financial data.
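The dual authentication described above hinges on one check: the identity found by the face match must be the same identity that passed the account and password step, and only then is a sharing authority assigned. The following is an added example, not code from the patent; the PBKDF2 password hashing, the cosine-similarity threshold, the feature vectors, account names and authority labels are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
import os

PBKDF2_ROUNDS = 100_000        # assumed work factor
FACE_MATCH_THRESHOLD = 0.95    # assumed cosine-similarity cut-off
DUMMY_RECORD = (b"\x00" * 16, b"\x00" * 32)  # used when the account is unknown


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class SharingGateway:
    """Hypothetical gateway plus authority center, kept in one class for brevity."""

    def __init__(self):
        self.accounts = {}     # account -> (salt, password hash)
        self.faces = {}        # account -> enrolled key point feature vector
        self.authorities = {}  # account -> frozenset of sharing authorities

    def enroll(self, account, password, face_features, authority):
        salt = os.urandom(16)
        self.accounts[account] = (salt, hash_password(password, salt))
        self.faces[account] = list(face_features)
        self.authorities[account] = frozenset(authority)

    def first_identity(self, account, password):
        # Account + password step. Unknown accounts are hashed against a dummy
        # record so both paths do the same amount of work.
        salt, stored = self.accounts.get(account, DUMMY_RECORD)
        matches = hmac.compare_digest(hash_password(password, salt), stored)
        return account if matches and account in self.accounts else None

    def second_identity(self, probe):
        # Face step: search the stored feature data and return the stored
        # identity of the best match, or None if nothing clears the threshold.
        best_account, best_score = None, -1.0
        for account, template in self.faces.items():
            score = cosine(probe, template)
            if score > best_score:
                best_account, best_score = account, score
        return best_account if best_score >= FACE_MATCH_THRESHOLD else None

    def login(self, account, password, probe):
        first = self.first_identity(account, password)
        if first is None:
            return None
        second = self.second_identity(probe)
        # Both factors must resolve to the SAME stored identity. Accepting any
        # enrolled face here would let one user's face unlock another account.
        if second is None or second != first:
            return None
        return self.authorities[first]  # authority assigned by identity


# Constructed sample data (not from the patent).
ALICE_PROBE = [0.88, 0.12, 0.31, 0.69]
BOB_PROBE = [0.12, 0.79, 0.61, 0.18]
UNKNOWN_PROBE = [0.5, 0.5, 0.5, 0.5]


def build_sample_gateway():
    gw = SharingGateway()
    gw.enroll("alice", "correct horse", [0.9, 0.1, 0.3, 0.7],
              {"upload", "view:annual-report"})
    gw.enroll("bob", "battery staple", [0.1, 0.8, 0.6, 0.2],
              {"view:annual-report"})
    return gw


if __name__ == "__main__":
    gw = build_sample_gateway()
    print("alice, own face:   ", gw.login("alice", "correct horse", ALICE_PROBE))
    print("alice, bob's face: ", gw.login("alice", "correct horse", BOB_PROBE))
    print("alice, wrong pass: ", gw.login("alice", "wrong", ALICE_PROBE))
```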
- filling-in and uploading the financial data according to the data sharing upload format provided by the cloud server after the financial data sharing party logs-in comprises specific steps of: after the financial data sharing party logs-in to the cloud server, pushing the data sharing upload format to the terminal of the financial data sharing party by the cloud server based on the financial data sharing authority of the financial data sharing party; and filling-in and uploading the financial data by the financial data sharing party with the terminal according to the data sharing upload format.
- the cloud server will push the data sharing upload format to the terminal of the financial data sharing party according to the financial data sharing authority of the financial data sharing party or a selection within the financial data sharing authority of the financial data sharing party. Then the financial data sharing party fills-in and uploads the financial data on the corresponding terminal according to the data sharing upload format.
- the cloud server after receiving the financial data, performs the unified format conversion on the financial data according to a preset financial data converting rule, so as to generate unified-format financial data.
- S14: selecting an encryption method for the unified-format financial data according to the financial data sharing authority or an authentication speed and an authentication scope of a blockchain.
- selecting the encryption method for the unified-format financial data according to the financial data sharing authority or the authentication speed and the authentication scope of the blockchain comprises specific steps of: selecting the encryption method for the unified-format financial data by the financial data sharing party according to the financial data sharing authority; or calculating an optimal value between the authentication speed and the authentication range of different blockchains based on a preset algorithm, and selecting the encryption method for the unified format financial data based on the optimal value; wherein the optimal value between the authentication speed and the authentication range of the different blockchains is a nonlinear mapping process or a linear mapping process; the encryption method is an alliance chain encryption method, a public chain encryption method, or a private chain encryption method.
- the financial data sharing party can select the encryption method for the unified-format financial data within the financial data sharing authority.
- the optimal value between the authentication speed and the authentication range of the different blockchains can be calculated based on the preset algorithm, so as to select the encryption method for the unified format financial data based on the optimal value.
- the optimal value between the authentication speed and the authentication range of the different blockchains is calculated with the preset algorithm mainly according to the size of the financial data to be shared and the security level of the financial data (the security level is determined by the financial data sharing party).
- the optimal value between the authentication speed and the authentication range of the different blockchains is the nonlinear mapping process or the linear mapping process; the encryption method is the alliance chain encryption method, the public chain encryption method, or the private chain encryption method.
- the unified-format financial data is processed with the encryption authentication based on the alliance chain encryption method, and an alliance chain encryption authentication result is recorded.
- the public chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the public chain encryption method, and a public chain encryption authentication result is recorded.
- the private chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the private chain encryption method, and a private chain encryption authentication result is recorded. Finally, the encryption authentication result is obtained.
- storing the encryption authentication result in the memory of the cloud server based on the preset storage structure comprises specific steps of: converting the encryption authentication result into binary information, and storing the binary information in the memory of the cloud server according to an ordered set storage structure to form a storage data chain.
- storing the binary information in the memory of the cloud server according to the ordered set storage structure to form the storage data chain comprises specific steps of: while storing the binary information in the memory of the cloud server according to the ordered set storage structure, obtaining corresponding elements of the binary information; binding each of the corresponding elements with a unique score; and storing ordered set serial numbers based on the unique scores, and converting the binary information into the storage data chain.
- the encryption authentication result needs to be converted into the binary information, and then the binary information is stored in the cloud server with the ordered set storage structure, which forms the storage data chain.
- the ordered set storage structure is the zset (ordered set) of Redis, a key-value storage system (database).
- the zset is a sortable set. Inside the zset, each element has a unique score bound to it, which means the binary information can be stored to form the storage data chain.
- the encryption authentication result should be converted into the binary information for storage, then the binary information is stored in the memory of the cloud server according to the ordered set storage structure, and the elements corresponding to the binary information are obtained. Inside the ordered set in the memory, each element is bound with the unique score. When it is first queried by the user, the corresponding element can be queried through the unique score. The ordered set serial numbers are stored based on the unique scores, and then the binary information is converted into the storage data chain. Finally, data can be shared to the corresponding user through the data access sharing interface, and the user needs to log-in to the cloud server to view the financial data.
- the login method is the same as that of the financial data sharing party, and the corresponding financial data sharing authority should also be assigned through the data sharing authority center. The financial data that can be viewed is within the financial data sharing authority of the corresponding user.
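A practical caveat for the ordered set storage described above: in a Redis sorted set the members are unique, and adding an existing member again only updates its score, so the unique score per element has to be enforced by the application. The following added example, which is not code from the patent, models those two rules in process (no Redis server is used) and shows a repeated element being lost unless a serial number is bound into the member. The fixed-size chunking, the 8-byte serial prefix and the sample bytes are assumptions constructed for illustration.

```python
class SortedSetModel:
    """In-process model of two Redis sorted-set rules: members are unique,
    and re-adding a member replaces its score. Ordering is by score, then
    by member bytes, as in Redis."""

    def __init__(self):
        self._scores = {}  # member (bytes) -> score (int)

    def zadd(self, member, score):
        self._scores[member] = score

    def zrange(self):
        ordered = sorted(self._scores.items(), key=lambda kv: (kv[1], kv[0]))
        return [member for member, _ in ordered]

    def zcard(self):
        return len(self._scores)


def split(blob, size):
    # Assumption: the "elements of the binary information" are fixed-size chunks.
    return [blob[i:i + size] for i in range(0, len(blob), size)]


def store_naive(zset, blob, size):
    # Chunk bytes used directly as the member: identical chunks collide.
    for serial, chunk in enumerate(split(blob, size)):
        zset.zadd(chunk, serial)


def load_naive(zset):
    return b"".join(zset.zrange())


def store_with_serial(zset, blob, size):
    # The serial number is both the score and a prefix of the member, so every
    # element is distinct even when two chunks carry the same bytes.
    for serial, chunk in enumerate(split(blob, size)):
        zset.zadd(serial.to_bytes(8, "big") + chunk, serial)


def load_with_serial(zset):
    parts = []
    for expected, member in enumerate(zset.zrange()):
        serial = int.from_bytes(member[:8], "big")
        if serial != expected:
            # A gap in the serial numbers means an element of the chain is missing.
            raise ValueError(f"element {expected} missing from storage data chain")
        parts.append(member[8:])
    return b"".join(parts)


# Constructed stand-in for an encryption authentication result; the first and
# third 4-byte chunks are identical on purpose.
SAMPLE_RESULT = b"AAAABBBBAAAACCCC"

if __name__ == "__main__":
    naive = SortedSetModel()
    store_naive(naive, SAMPLE_RESULT, 4)
    print("naive:      ", naive.zcard(), "elements ->", load_naive(naive))

    safe = SortedSetModel()
    store_with_serial(safe, SAMPLE_RESULT, 4)
    print("with serial:", safe.zcard(), "elements ->", load_with_serial(safe))
```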
- the financial data can be shared according to the user identity authority.
- Before the financial data is shared, the data is encrypted with a blockchain technology and stored based on an ordered set storage structure. The data is shared through the data access sharing interface to the corresponding users, thereby ensuring the security of the shared financial data.
- FIG. 2 is a structural diagram of a financial data secure sharing device based on a cloud server according to the embodiment 2 of the present invention
- a financial data secure sharing device based on a cloud server comprising the following modules.
- logging-in with the terminal through the data access sharing interface provided by the cloud server to obtain the financial data sharing authority for the financial data sharing party comprises specific steps of: constructing a data access sharing gateway by the cloud server based on the data access sharing interface, while generating a data sharing authority center in the cloud server; using the data access sharing gateway to authenticate an identity of the financial data sharing party, so as to log-in to the cloud server with the terminal; and sending an authenticated identity of the financial data sharing party to the data sharing authority center by the cloud server, and assigning a corresponding financial data sharing authority to the financial data sharing party in the data sharing authority center based on the authenticated identity.
- using the data access sharing gateway to authenticate the identity of the financial data sharing party, so as to log-in to the cloud server with the terminal comprises specific steps of: inputting an identity authentication account and a corresponding authentication password to the cloud server by the financial data sharing party through the data access sharing gateway on the terminal; performing identity matching authentication by the cloud server after receiving the identity authentication account and the corresponding authentication password, and obtaining a first authenticated identity after the identity matching authentication is passed; controlling the terminal to collect a face image of the financial data sharing party based on the data access sharing gateway to perform secondary identity matching authentication, and obtaining a second authenticated identity after the secondary identity matching authentication is passed; and if the first authenticated identity matches with the second authenticated identity, allowing the financial data sharing party to log-in to the cloud server.
- controlling the terminal to collect the face image of the financial data sharing party based on the data access sharing gateway to perform the secondary identity matching authentication, and obtaining the second authenticated identity after the secondary identity matching authentication is passed comprise specific steps of: controlling a camera device of the terminal by the cloud server to collect the face image of the financial data sharing party based on the data access sharing gateway with authorization given to the terminal by the corresponding user; performing key point feature extraction on the collected face image by the cloud server to obtain key point feature data; and performing the secondary identity matching authentication based on the key point feature data and user face feature data stored in the cloud server, and after the secondary identity matching authentication is passed, obtaining a stored identity of the corresponding user as the second authenticated identity.
- the financial data sharing party needs to log-in to the cloud server through the terminal and obtain the relevant financial data sharing authority.
- the cloud server provides the corresponding data access sharing interface, and constructs the data access sharing gateway according to the data access sharing interface, so as to establish a secure interval layer between the cloud server and the terminal through the data access sharing gateway, which ensures security of the cloud server when the terminal accesses the cloud server.
- the data sharing authority center is built in the cloud server, which is specially used to assign the financial data sharing authority to the user, in such a manner that the financial data sharing party can log-in to the cloud server by authenticating the identity through the data access sharing gateway on the terminal.
- After the financial data sharing party remotely logs-in to a remote server, the cloud server sends the authenticated identity of the financial data sharing party to the data sharing authorization center, and assigns the corresponding financial data sharing authority to the financial data sharing party in the data sharing authorization center according to the authenticated identity.
- Different financial data sharing authorities corresponding to different financial data sharing parties with different authenticated identities are stored in the data sharing authorization center.
- the authenticated identity is used to match with a corresponding authenticated identity in the data sharing authority center, so as to obtain the financial data sharing authority corresponding to the financial data sharing party.
- a dual authentication method is used for identity authentication, namely the traditional account and password authentication and the biometric authentication.
- the financial data sharing party inputs the identity authentication account number and the corresponding authentication password to the cloud server through the data access sharing interface on the terminal, and then the cloud server receives the identity authentication account number and the corresponding authentication password for identity matching authentication, so as to obtain the first authenticated identity after the authentication is passed.
- the terminal is controlled according to the data access sharing gateway to collect the face image of the financial data sharing party for the secondary identity matching authentication, wherein the second authenticated identity is obtained after the authentication is passed. If the first authenticated identity matches with the second authenticated identity, the financial data sharing party is allowed to log-in to the cloud server.
- the camera device of the terminal is controlled by the cloud server to collect the face image of the financial data sharing party based on the data access sharing gateway with the authorization given to the terminal by the corresponding user.
- the key point feature extraction is performed on the collected face image by the cloud server, wherein grayscale converting as well as high and low pass filtering are performed before locating the key points, and finally the key point feature extraction is performed according to the located key points to obtain the key point feature data.
- the secondary identity matching authentication is performed based on the key point feature data and the user face feature data stored in the cloud server. After the secondary identity matching authentication is passed, the stored identity of the corresponding user is used as the second authenticated identity. Through the secondary authentication, the identity security of the financial data sharing party logging-in to the cloud server is effectively guaranteed, which is beneficial to ensure the authenticity and validity of the shared financial data.
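The dual authentication and authority lookup described above, as an added example that is not code from the patent: the first identity comes from an account and password check, the second from a 1:N match of key point features, and the sharing authority is returned only when both name the same user. The function names, the PBKDF2 work factor, the cosine-similarity threshold and the enrollment data are assumptions.

```python
import hashlib
import hmac
import math
import os

PBKDF2_ROUNDS = 200_000   # assumed work factor; tune to the deployment
FACE_THRESHOLD = 0.90     # assumed cosine-similarity cut-off
USERS = {}                # stand-in for the cloud server's identity store

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def enroll(account, password, face_features, authority):
    salt = os.urandom(16)
    USERS[account] = {"salt": salt, "pw": _kdf(password, salt),
                      "face": face_features, "authority": authority}

def first_identity(account, password):
    """Account + password check; returns the account name or None."""
    rec = USERS.get(account)
    # Derive a key even for unknown accounts so response time does not
    # reveal which accounts exist.
    derived = _kdf(password, rec["salt"] if rec else b"\x00" * 16)
    if rec is not None and hmac.compare_digest(derived, rec["pw"]):
        return account
    return None

def _cosine(a, b):
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

def second_identity(probe_features):
    """Match key point features against every stored template (1:N)."""
    best, best_score = None, FACE_THRESHOLD
    for account, rec in USERS.items():
        score = _cosine(probe_features, rec["face"])
        if score >= best_score:
            best, best_score = account, score
    return best

def login(account, password, probe_features):
    """Return the sharing authority only if both identities agree."""
    first = first_identity(account, password)
    second = second_identity(probe_features)
    if first is None or second is None or first != second:
        return None
    return USERS[first]["authority"]

# Constructed enrollment data (feature vectors are illustrative only).
enroll("alice", "correct horse battery", [0.9, 0.1, 0.3, 0.4], ("upload", "view:ledger"))
enroll("bob", "s3cond-user-pw", [0.1, 0.8, 0.5, 0.2], ("view:ledger",))
```

A correct password for one account presented with another enrolled user's face is rejected, because the two authenticated identities differ.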
- a data uploading module 22 for filling-in and uploading financial data according to a data sharing upload format provided by the cloud server after the financial data sharing party logs-in.
- filling-in and uploading the financial data according to the data sharing upload format provided by the cloud server after the financial data sharing party logs-in comprises specific steps of: after the financial data sharing party logs-in to the cloud server, pushing the data sharing upload format to the terminal of the financial data sharing party by the cloud server based on the financial data sharing authority of the financial data sharing party; and filling-in and uploading the financial data by the financial data sharing party with the terminal according to the data sharing upload format.
- the cloud server will push the data sharing upload format to the terminal of the financial data sharing party according to the financial data sharing authority of the financial data sharing party or a selection within the financial data sharing authority of the financial data sharing party. Then the financial data sharing party fills-in and uploads the financial data on the corresponding terminal according to the data sharing upload format.
- a format unification module 23 for performing a unified format conversion on the financial data by the cloud server after receiving the financial data, so as to generate unified-format financial data.
- the cloud server after receiving the financial data, performs the unified format conversion on the financial data according to a preset financial data converting rule, so as to generate unified-format financial data.
- An encryption selection module 24 for selecting an encryption method for the unified-format financial data according to the financial data sharing authority or an authentication speed and an authentication scope of a blockchain.
- selecting the encryption method for the unified-format financial data according to the financial data sharing authority or the authentication speed and the authentication scope of the blockchain comprises specific steps of: selecting the encryption method for the unified-format financial data by the financial data sharing party according to the financial data sharing authority; or calculating an optimal value between the authentication speed and the authentication range of different blockchains based on a preset algorithm, and selecting the encryption method for the unified format financial data based on the optimal value; wherein the optimal value between the authentication speed and the authentication range of the different blockchains is a nonlinear mapping process or a linear mapping process; the encryption method is an alliance chain encryption method, a public chain encryption method, or a private chain encryption method.
- the financial data sharing party can select the encryption method for the unified-format financial data within the financial data sharing authority.
- the optimal value between the authentication speed and the authentication range of the different blockchains can be calculated based on the preset algorithm, so as to select the encryption method for the unified format financial data based on the optimal value.
- the optimal value between the authentication speed and the authentication range of the different blockchains is calculated with the preset algorithm mainly according to the size of the financial data to be shared and the security level of the financial data (the security level is determined by the financial data sharing party).
- the optimal value between the authentication speed and the authentication range of the different blockchains is the nonlinear mapping process or the linear mapping process; the encryption method is the alliance chain encryption method, the public chain encryption method, or the private chain encryption method.
- An encryption authentication module 25 for processing the unified-format financial data with encryption authentication based on the encryption method selected, and obtaining an encryption authentication result.
- the unified-format financial data is processed with the encryption authentication based on the alliance chain encryption method, and an alliance chain encryption authentication result is recorded.
- the public chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the public chain encryption method, and a public chain encryption authentication result is recorded.
- the private chain encryption method is selected, the unified-format financial data is processed with the encryption authentication based on the private chain encryption method, and a private chain encryption authentication result is recorded. Finally, the encryption authentication result is obtained.
- a data sharing module 26 for storing the encryption authentication result in a memory of the cloud server based on a preset storage structure, and providing data sharing to a corresponding user through the data access sharing interface.
- storing the encryption authentication result in the memory of the cloud server based on the preset storage structure comprises specific steps of: converting the encryption authentication result into binary information, and storing the binary information in the memory of the cloud server according to an ordered set storage structure to form a storage data chain.
- storing the binary information in the memory of the cloud server according to the ordered set storage structure to form the storage data chain comprises specific steps of: while storing the binary information in the memory of the cloud server according to the ordered set storage structure, obtaining corresponding elements of the binary information; binding each of the corresponding elements with a unique score; and storing ordered set serial numbers based on the unique scores, and converting the binary information into the storage data chain.
- the encryption authentication result needs to be converted into the binary information, and then the binary information is stored in the cloud server with the ordered set storage structure, which forms the storage data chain.
- the ordered set storage structure is zset (ordered set) in Redis (key-value storage system (database)).
- the zset is a sortable set. Inside the zset, each element has a unique score bound to it, which means the binary information can be stored to form the storage data chain.
- the encryption authentication result should be converted into the binary information for storage, then the binary information is stored in the memory of the cloud server according to the ordered set storage structure, and the elements corresponding to the binary information are obtained. Inside the ordered set in the memory, each element is bound with the unique score. When it is first queried by the user, the corresponding element can be queried through the unique score. The ordered set serial numbers are stored based on the unique scores, and then the binary information is converted into the storage data chain. Finally, data can be shared to the corresponding user through the data access sharing interface, and the user needs to log-in to the cloud server to view the financial data.
- the login method is the same as that of the financial data sharing party, and the corresponding financial data sharing authority should also be assigned through the data sharing authority center. The financial data that can be viewed is within the financial data sharing authority of the corresponding user.
- the financial data can be shared according to the user identity authority.
- Before the financial data is shared, the data is encrypted with a blockchain technology while stored based on an ordered set storage structure. The data is shared through the data access sharing interface to the corresponding users, thereby ensuring the security of the shared financial data.
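The ordered-set storage described above, as an added example that is not code from the patent: an in-memory stand-in for a Redis sorted set (so it runs without a server) that binds each binary record to a unique integer score and reads records back by that score. Redis does not itself require scores to be unique, so the example issues them from a counter; the `OrderedSetChain` name, the record layout and the SHA-256 link between consecutive records are assumptions.

```python
import hashlib
import struct

class OrderedSetChain:
    """Member bytes -> score, mirroring one sorted set (assumed layout)."""
    GENESIS = b"\x00" * 32
    MAX_SCORE = 2 ** 53   # sorted-set scores are doubles; integers stay exact below this

    def __init__(self):
        self._scores = {}            # members are unique, as with ZADD
        self._next_serial = 1        # role of an atomic counter on the server
        self._tip = self.GENESIS     # digest of the most recent member

    def append(self, result: bytes) -> int:
        """Store one encryption authentication result; return its score."""
        serial = self._next_serial
        if serial >= self.MAX_SCORE:
            raise OverflowError("score would lose integer precision")
        # The serial is part of the member, so identical payloads do not
        # overwrite each other; the previous digest links the records.
        member = struct.pack(">Q", serial) + self._tip + result
        self._scores[member] = serial
        self._tip = hashlib.sha256(member).digest()
        self._next_serial += 1
        return serial

    def get(self, serial: int) -> bytes:
        """Look up a payload by its unique score (a range query of width 1)."""
        hits = [m for m, s in self._scores.items() if s == serial]
        if len(hits) != 1:
            raise KeyError(serial)
        return hits[0][40:]          # skip 8-byte serial + 32-byte link

    def verify(self) -> bool:
        """Walk members in score order and check serials and links."""
        prev, expected = self.GENESIS, 1
        for member, score in sorted(self._scores.items(), key=lambda kv: kv[1]):
            serial = struct.unpack(">Q", member[:8])[0]
            if score != expected or serial != score or member[8:40] != prev:
                return False
            prev = hashlib.sha256(member).digest()
            expected += 1
        return prev == self._tip

if __name__ == "__main__":
    chain = OrderedSetChain()
    for payload in (b"alliance:result-1", b"public:result-2"):  # constructed
        print(chain.append(payload))
    print(chain.verify())
```

Because the tip digest is kept next to the set, it must be protected separately from the set's contents for the check to detect a rewrite of the whole chain.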
- FIG. 3 is a structural diagram of a financial data secure sharing system based on a cloud server according to the embodiment 3 of the present invention.
- a financial data secure sharing system based on a cloud server comprising: the cloud server 31 and multiple user terminals 32 , wherein the multiple user terminals 32 perform data interactive connection based on a data access sharing gateway constructed by the cloud server 31 ; the system is configured to execute the above financial data secure sharing method.
- the financial data can be shared according to the user identity authority.
- Before the financial data is shared, the data is encrypted with a blockchain technology while stored based on an ordered set storage structure. The data is shared through the data access sharing interface to the corresponding users, thereby ensuring the security of the shared financial data.
- ROM (Read Only Memory)
- RAM (Random Access Memory)
- magnetic disk
- compact disk, etc.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111285562.1 | 2021-11-02 | ||
CN202111285562.1A CN113722695B (zh) | 2021-11-02 | 2021-11-02 | Financial data secure sharing method, device and system based on cloud server |
Publications (2)
Publication Number | Publication Date |
---|---|
US20220253543A1 (en) | 2022-08-11 |
US11487892B2 (en) | 2022-11-01 |
Family
ID=78686385
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/729,996 Active US11487892B2 (en) | 2021-11-02 | 2022-04-26 | Financial data secure sharing method, device and system based on cloud server |
Country Status (2)
Country | Link |
---|---|
US (1) | US11487892B2 (zh) |
CN (1) | CN113722695B (zh) |
Also Published As
Publication number | Publication date |
---|---|
US20220253543A1 (en) | 2022-08-11 |
CN113722695B (zh) | 2022-02-08 |
CN113722695A (zh) | 2021-11-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |